<?php

  //////////////////////////////////////////////////////////////////
  // OrbitFAQ                                                     //
  // ---------                                                    //
  //                                                              //
  // Orbit FAQ was solely written and developed by Orbit Services //
  // http://www.orbitservices.net                                 //
  //                                                              //
  // Access the Forum here:                                       //
  // http://forums.orbitservices.net/index.php?c=4                //
  //                                                              //
  // OrbitFAQ utilises the following opensource projects/classes; //
  //  + Fckeditor - http://www.fckeditor.net                      //
  //  + Smarty Template Engine - http://smarty.php.net            //
  //  + Swift Email Class - http://www.swiftmailer.org/           //
  //  + OWASP PHP Filter Project - http://www.owasp.org           //
  //  + MySQL Search Class by Stephen Bartholomew                 //
  //                                                              //
  //////////////////////////////////////////////////////////////////

  require('incs/config.inc.php');
  require('incs/db.inc.php');
  require('incs/classes.inc.php');

  if($GatherUserStats == '1')
    {
      require('incs/stats.inc.php');
    }

  checkIfLoggedIn();

  $smarty = new Smarty;

  require('incs/common.inc.php');

  $SmartyCompileDir = "skins/$defaultSkin/skins_c";
  $smarty->compile_dir = $SmartyCompileDir;

  $smarty->compile_check = false;
  $smarty->debugging = false;

  $smarty->assign('SkinListing',$SkinListing);


  // Lets work out where we are
  $wai = "<div>";

    if($defaultFAQ == '')
      {
        $wai_home = $OrbitFAQTitle;
        $wai .= "<a href='index.php'><b>$wai_home</b></a>";
      }

      $wai .= " &raquo; Ask Your Question";

    $wai .= "</div>";

    $smarty->assign("WhereAmI","$wai");
    $smarty->assign("OrbitFAQVersion","$orbitfaq_version");

    $query_faq = "SELECT title from orbitfaq WHERE `id` = '$faq'";
    $result_faq = $faqsql_query ($query_faq)OR DIE( "$sql_query_error $query_faq");

    while ($row_faq = $faqsql_fetch_array ($result_faq)){
      $faq_title = $row_faq[0];
    }

    $smarty->assign("CurrentFAQ","$faq_title");

    $query_ca = "SELECT title from orbitfaq_categories WHERE `id` = '$ca'";
    $result_ca = $faqsql_query ($query_ca)OR DIE( "$sql_query_error $query_ca");

    while ($row_ca = $faqsql_fetch_array ($result_ca)){
      $ca_title = $row_ca[0];
    }

    $ip = $_SERVER['REMOTE_ADDR'];

    $smarty->assign("PageTitle","Ask Your Question");

    if($action == 'post')
      {
        $posted_ca = sanitize_paranoid_string($_POST['posted_ca']);
        $posted_question = strip_tags($_POST['posted_question']);
        $posted_by = strip_tags($_POST['posted_by']);
        $posted_email = fsanitize_email($_POST['posted_email']);
        $validate_email = checkEmail($posted_email);

        // Get the Captcha answer from the session
        $captcha_real_answer = $_SESSION['security_code'];

        // Get the users answer
        $posted_captcha_answer = $_POST['posted_captcha_answer'];

        // Let check if the IP is banned to post
        if($_GET['BannedUserIP'] == '')
          {
            // Check IP
            $BannedUserIP = checkBanList($ip);
          }
        else
          {
            $BannedUserIP = '0';
          }

        // Let check if the Email Address is banned to post
        if($_GET['BannedUserEmail'] == '')
          {
            // Check IP
            $BannedUserEmail = checkBanList($posted_email);
          }
        else
          {
            $BannedUserEmail = '0';
          }

        if(!$posted_ca){ $error .= " &raquo; You did not select a <u>Category</u><br />"; }
        if(($BannedUserIP == '0')OR($BannedUserEmail == '0')){ $error .= " &raquo; You appear to have a banned <u>IP/Email address</u><br />"; }
        if(!$posted_question){ $error .= " &raquo; You did not enter a <u>Question</u><br />"; }
        if(!$posted_by){ $error .= " &raquo; You did not enter a <u>Name</u><br />"; }
        if(!$posted_email){ $error .= " &raquo; You did not enter an <u>Email Address</u><br />"; }
        if($validate_email == '0'){ $error .= " &raquo; You did not enter a <u>Valid Email Address</u><br />"; }
        if($captcha_real_answer != $posted_captcha_answer){ $error .= " &raquo; You entered an incorrect <u>Captcha Answer</u> - You typed '$posted_captcha_answer' and it was actually '$captcha_real_answer'<br />"; }

        $posted_time = date("Y-m-d H:i:s");

        if(!$error)
          {

            $query_add = "INSERT INTO `orbitfaq_questions` (
                `f_id`,
                `c_id`,
                `desc`,
                `posted_time`,
                `posted_by`,
                `posted_email`,
                `status`,
                `ip`
              )VALUES(
                '$faq',
                '$posted_ca',
                '$posted_question',
                '$posted_time',
                '$posted_by',
                '$posted_email',
                '0',
                '$ip'
              );

            ";
            $result_add = $faqsql_query ($query_add)OR DIE( "$sql_query_error $query_add");

            // Get our email address and email them the notice

            $OurMessage = "<font face='verdana'>You have received a user submitted question from <b>$OrbitFAQTitle</b><br /><br />";
            $OurMessage .= "Posted By: $posted_by<br />";
            $OurMessage .= "Posted Email: $posted_email<br />";
            $OurMessage .= "Posted Question: $posted_question<br /><br />";
            $OurMessage .= "This question is pending your acknowledgment and answer<br /><br />";
            $OurMessage .= "Please log into $OrbitFAQTitle and respond<br />";
            $OurMessage .= "$FaqAddress<br /><br />";
            $OurMessage .= "Regards,<br /><b>OrbitFAQ Mailer</b>";

            $OurTxtMessage = "You have received a user submitted question from $OrbitFAQTitle\n\n";
            $OurTxtMessage .= "Posted By: $posted_by\n";
            $OurTxtMessage .= "Posted Email: $posted_email\n";
            $OurTxtMessage .= "Posted Question: $posted_question\n\n";
            $OurTxtMessage .= "This question is pending your acknowledgment and answer\n";
            $OurTxtMessage .= "Please log into $OrbitFAQTitle and respond\n";
            $OurTxtMessage .= "$FaqAddress\n\n";
            $OurTxtMessage .= "Regards,\nOrbitFAQ Mailer\n";


            // Lets check which Admin is supposed to answer the question
            $query_faq = "SELECT login FROM `orbitfaq_users` WHERE id = ANY(select admin_id FROM orbitfaq_admins_ownership WHERE f_id = '$faq') AND (accesslvl = 'admin' OR accesslvl = 'superadmin');";
            $result_faq = $faqsql_query ($query_faq)OR DIE( "$sql_query_error $query_faq");

            while ($row_faq = $faqsql_fetch_array ($result_faq)){
              $to_email = $row_faq[0];


                // Lets check that they are using swift
                // if version is ok then use swift
                if(($phpv == '4')OR($phpv == '5'))
                  {
                    $swift =& new Swift(new Swift_Connection_SMTP("$smtp_hostname"));

                    if($email_format == 'text')
                      {
                        $email_format = '';
                      }

                    if($email_format == 'text/html')
                      {
                        $RealMessage = $OurMessage;
                      }
                    else
                      {
                        $RealMessage = $OurTxtMessage;
                      }

                    //Create the message
                    $message =& new Swift_Message("$OrbitFAQTitle Question", "$RealMessage", $email_format);

                    //Now check if Swift actually sends it
                    !$swift->send($message, $to_email, $default_email);
                  }
                // if not then we will just use PHP mail functions.
                else
                  {
                    $headers = "From: $default_email\r\n";
                    mail( $to_email, "$OrbitFAQTitle Question", $OurTxtMessage, $headers );
                  }

            }

            // Load our Listing Template
            $template_file = "../../skins/$defaultSkin/success_question.tpl";
            $smarty->display("file:$template_file");

            exit;

          }

        $smarty->assign("posted_ca","$posted_ca");
        $smarty->assign("posted_question","$posted_question");
        $smarty->assign("posted_by","$posted_by");
        $smarty->assign("posted_email","$posted_email");
        $smarty->assign("Errors","$error");

      }

    if($allowUserPosts == '0')
      {
        $Errors = 'Users are not allowed to post in this FAQ';
        $smarty->assign("Errors","$Errors");

        $smarty->assign("hide_login","1");

        // Load our Listing Template
        $template_file = "../../skins/$defaultSkin/ask_question_fail.tpl";
        $smarty->display("file:$template_file");

        clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
        exit;
      }


    if(($allowUserPosts == '1')AND($usersMustBeLoggedIn == '1')AND($orbitfaq_accesslevel == 'none'))
      {
        $Errors = 'You need to be logged in to post in this FAQ';
        $smarty->assign("Errors","$Errors");

        // Load our Listing Template
        $template_file = "../../skins/$defaultSkin/ask_question_fail.tpl";
        $smarty->display("file:$template_file");

        clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
        exit;
      }

    // Lets get our Categories
    $query_cat = "SELECT * from orbitfaq_categories WHERE `f_id` = '$faq'";
    $result_cat = $faqsql_query ($query_cat)OR DIE( "$sql_query_error $query_cat");
    $count_cat = $faqsql_count_rows($result_cat);

    while ($row_cat = $faqsql_fetch_array ($result_cat)){
      $cat_id = $row_cat[0];
      $cat_f_id = $row_cat[1];
      $cat_title = $row_cat[2];
      $cat_desc = $row_cat[3];

      if((!$posted_ca)AND($ca == $cat_id))
        {
          $selected = " selected";
        }
      elseif(($posted_ca)AND($cat_id == $posted_ca))
        {
          $selected = " selected";
        }
      else
        {
          $selected = "";
        }

      $build_cat_pulldown .= "<option value='$cat_id' $selected>$cat_title</option>\n";

    }


    $smarty->assign("posted_by","$orbitfaq_fullname");
    $smarty->assign("posted_email","$orbitfaq_login");

    $smarty->assign("CatPulldown","$build_cat_pulldown");
    $smarty->assign("CurrentCAT","$ca_title");

    $post_url = "$PHP_SELF?faq=$faq&ca=$ca&action=post";
    $smarty->assign("PostURL","$post_url");

    // Load our Listing Template
    $template_file = "../../skins/$defaultSkin/ask_question.tpl";
    $smarty->display("file:$template_file");

    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

    exit;

?>
